ImageMagick < 6.8.8-5 Multiple PSD Handling Buffer Overflows
Medium Nessus Plugin ID 72722
SynopsisThe remote Windows host contains an application that is affected by a multiple buffer overflow vulnerabilities.
DescriptionThe remote Windows host is running a version of ImageMagick prior to version 6.8.8-5. It is, therefore, affected by the following vulnerabilities :
- A buffer overflow error exists related to PSD image file handling and the 'DecodePSDPixels' function.
- A buffer overflow error exists related to PDF image file handling and RLE decoding. (CVE-2014-2030)
Exploitation of these issues could result in a denial of service or arbitrary code execution.
SolutionUpgrade to ImageMagick 6.8.8-5 or later.
Note that you may need to manually uninstall the vulnerable version from the system.